Tuesday, September 28, 2004

Here's an interesting series of articles on the "first" Pocket PC virus WinCE4.Dust from its inventor. Here's another recent article on the same topic that discusses a Trojan infecting Pocket PCs.

Here's a short snippet from our book on this topic included in chapter 9, "Securing Compact Framework Solutions"...

Even though viruses that target mobile devices are not as prevelant as those targeting desktop computers, they are still a potential threat to any software on the device. Typically, however, devices are not damaged by viruses but rather pass them into a corporate network via email attachments and documents.

There are, as you might expect, a variety of anti-virus packages on the market for devices such as the Pocket PC from vendors that include McAfee, Computer Associates, and F-Secure. Additionally personal firewall products such as VPN-1 are available from vendors such as Check Point Software Technologies Ltd.

If anti-virus and third-party authentication software is installed on the device it is a best practice to place the sofware in flash ROM rather than simply in RAM on the device. In this way, the software will survive a hard reset in which the user removes the batteries. However, storing your application in RAM can also work in your favor since the application will be lost when performing a hard reset, thereby disallowing access to it.